I wonder why CFP creates two separate In & Out rules for trusted apps instead of creating one biderectional rule. It occupies twice more space in DB and processing power and still I see no difference. When I change the direction any one of this pair to both they simply collapse to a single rule.
Ah… the almost mystical workings of the Application Monitor rules. Sorry, I honestly do not have a clue as to what is happening on occasions like this. I’m certain that there is some rational logic to it… well there must be, otherwise it couldn’t have been coded. But, it eludes me. Perhaps, its something to do with what might be needed… different parents/security options, etc. Do they change on the reboot? I seem to remember that they do… maybe that’s when CFP does the weeding.
The bidirectional rules are really only applicable IF the source port and destination port are identical, regardless of the direction the traffic is flowing in.
For example, when IE contacts a web site, its destination port is 80 on the web server, and its source port could be something like 24000. The web server responds to the port 80 query to port 24000 on the originating IP.
Myself, I prefer to have separate rules for IN and OUT. It seems to make it easier to work out what’s gone pearshaped.
Hope this helps,